Results 1 to 4 of 4

Thread: Brute Force Monitor blocking reverse IP lookups

  1. #1
    Join Date
    Jun 2010
    Posts
    9

    Brute Force Monitor blocking reverse IP lookups

    Hi!

    We installed a new DA server (our 4th one) and are having trouble with BFM. On our previous intallations BFM only logged IPs, but on our new installation BFM logs reverse IP lookup strings (and NOT IP addresses). These failed login attempts then do not get blocked, because DA obviously cant block rDNS lookup strings (only IPs). How can we change this?

    Regards,
    Rok

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,937
    Hello,

    Is it about brute-force attempts to SSH?

    If yes, then set

    Code:
    UseDNS no
    in /etc/ssh/sshd_config and restart sshd.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  3. #3
    Join Date
    Jun 2010
    Posts
    9
    Hi,

    It was actually to MySQL. We needed 3306 to be opened for certain reasons. We resolved this issue by opening 3306 only for certain hosts so other get blocked automatically on the firewall level, before they even have the option to login to MySQL. Another option would be to set skip_name_resolve in my.cnf: https://dev.mysql.com/doc/refman/8.0...p_name_resolve.

    Thank your for your reply!

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,937
    You might want to report this issue to Directadmin developers, so that they filter IPs from logs skipping hostnames.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •